Use of atoll() for CVE-2011-2522
Kai Blin
kai at samba.org
Fri Jul 29 00:18:46 MDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2011-07-28 11:37, Albert Chin wrote:
> The patch for CVE-2011-2522 uses atoll():
> ...
> + if (sizeof(time_t) == sizeof(int)) {
> + xsrf_time = atoi(time_str);
> + } else if (sizeof(time_t) == sizeof(long)) {
> + xsrf_time = atol(time_str);
> + } else if (sizeof(time_t) == sizeof(long long)) {
> + xsrf_time = atoll(time_str);
> + }
> ...
>
> HP-UX 11.00/PA, 11.11/PA, and 11.23/PA do not provide this function. I
> think it is specific to C99. Does Samba now require a C99-compliant
> system to compile?
So, seeing how HP-UX doesn't have atoll and strtoll, how do you convert
a string to a long long on that platform? And what's the size of time_t
on HP-UX? I take we can use strtoimax for our libreplace implementation
of atoll?
Cheers,
Kai
- --
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4yUMEACgkQEKXX/bF2FpSVFgCfVCgNo9luorBx80NU/uX6fqor
Oo0AnRFZUpnQdLC91tl9oS0Tt7y3ArYO
=hjhy
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list